If you have worked in IT as a network administrator for any length of time you know one nearly universal truth: when something is not working, the first people everyone checks with are the network team. As much as we hate to admit it, we understand it. The network, as the backbone of every organization, is always the transport layer. To survive in a modern IT organization, network administrators need a large and robust toolkit at their disposal. One of the most important tools in the administrator’s arsenal is the packet sniffer.
A packet sniffer is a piece of software that watches data flow across the network and intercepts, logs, and analyzes network packets. The information gleaned from a packet sniffer is invaluable for troubleshooting network problems and understanding how data traverses the network. With a packet sniffer, the next time you are asked whether something is wrong with the network, you can measure application response time and say with confidence that nothing is wrong with the network.
Packet sniffers come in many different shapes and sizes, and luckily some of the best tools are completely free. Some tools are better than others, and they have different feature sets, but the following are the top 5 picks for packet sniffers.
Solarwinds Bandwidth Analyzer tool is actually a two-for-one: you get their Network Performance Monitor that handles fault, availability, and performance monitoring for networks of all sizes, as well as their Netflow Traffic Analyzer that uses flow technology for analysis of network bandwidth performance and traffic patterns. Both apps are bundled together in the 2-pack.
Network Performance Monitor displays response time, availability, and performance of network devices and detects, diagnoses, and resolves performance issues with out-of-the-box dashboards, alerts, and reports. It also graphically displays network performance statistics in real time via dynamic, drill-down network maps.
The included NetFlow Traffic Analyzer identifies the users, applications, and protocols that are consuming bandwidth down to the interface level, highlights the IP addresses of top talkers, and stores and displays flow data with one-minute granularity. It also analyzes Cisco® NetFlow™, Juniper® J-Flow, IPFIX, sFlow®, Huawei NetStream™ and other flow data.
Wireshark, previously known as Ethereal, is a powerful and robust open-source packet sniffer. Wireshark is the most popular packet sniffer around, paid or free. It is so popular, in fact, that many people outside network administration say “can we get a Wireshark?” when they are asking you to run a packet capture. Wireshark is both an interactive packet sniffing and an analysis tool. The fact that Wireshark runs on Windows, Linux and Mac is just a small reason for its popularity. It includes an attractive graphical user interface, making it easy to capture and view data. Some of its most robust features include detailed filters to see only the packets you are concerned about, the ability to view packets at whatever level of detail you want, and the ability to easily decode and view hundreds of protocols. Wireshark is one of the best tools for creating and viewing information about packets going across your network.
In the time before Ethereal, and arguably still today, tcpdump is the de facto standard for packet sniffing. It does not have the pretty user interface of Wireshark, and it does not have built-in logic to decode application flows, but it remains a standard for many network administrators. It has been the tried and true standard for network packet sniffing since the late 80s. It can capture and record packets with very little system overhead, making it a favorite for many people. Tcpdump was originally designed for UNIX systems and is often installed by default. Since its creation, it has been ported to Windows as WinDump.
In the past decade, wireless networks have become an extremely important part of most business networks. We now use wireless networks for laptops, mobile phones, and tablets. As these devices have risen in importance in the office, so has the wireless network. Packet sniffing on a wireless network has some unique challenges with supported adapters, and that is where Kismet shines. Kismet is designed for wireless packet sniffing and supports any wireless network adapter that supports raw monitoring mode. In addition to 802.11 monitoring, it has plugin support for decoding non-wireless packets.
Like Wireshark, EtherApe is a free and open source piece of software designed to examine network packets. Rather than displaying lots of information in text format, EtherApe aims to represent the captured packets visually, as a series of connections and data flows. EtherApe supports viewing network packets in real time, but can also examine existing packet captures in standard formats. This gives the administrator another valuable tool in troubleshooting network problems.
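To make concrete what the Wireshark and tcpdump paragraphs above describe (decoding Ethernet/IPv4/TCP headers, applying a capture filter such as "host X and port N", and reading and writing the standard pcap format that EtherApe and the other tools consume), here is an added example that is not part of the original article and not code from any of the tools it covers. It builds a few constructed frames in memory, writes them to a classic pcap file, reads them back, decodes the headers with the standard library only, and applies a tiny filter subset modeled on tcpdump's syntax; the MAC addresses, IP addresses, ports and timestamps are all made-up sample values, and the helper names are the example's own.

```python
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4     # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1       # DLT_EN10MB


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def ipv4_checksum(header):
    # One's-complement sum of 16-bit words; over a header that already
    # carries a correct checksum the result folds to 0.
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, flags=0x02):
    # Constructed Ethernet II frame: dst MAC, src MAC, EtherType 0x0800 (IPv4).
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # Minimal 20-byte TCP header (SYN by default), no options, no payload.
    # The TCP checksum is left at 0; only the IPv4 checksum is computed here.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip + tcp


def parse_frame(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP headers into a dict (a very small
    subset of what a Wireshark dissector does)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"proto": "non-ip", "ethertype": ethertype}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    ttl, proto = ip[8], ip[9]
    pkt = {
        "proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
        "src": ".".join(str(b) for b in ip[12:16]),
        "dst": ".".join(str(b) for b in ip[16:20]),
        "ttl": ttl,
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    }
    if proto in (6, 17):
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    if proto == 6:
        pkt["flags"] = ip[ihl + 13]
    return pkt


def matches(pkt, host=None, port=None, proto=None):
    """Tiny subset of tcpdump capture-filter semantics: 'tcp', 'host X', 'port N',
    AND-ed together like 'tcp and host X and port N'."""
    if proto and pkt.get("proto") != proto:
        return False
    if host and host not in (pkt.get("src"), pkt.get("dst")):
        return False
    if port and port not in (pkt.get("sport"), pkt.get("dport")):
        return False
    return True


def write_pcap(path, frames):
    # Global header: magic, major 2, minor 4, tz offset, sigfigs, snaplen, linktype.
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            # Per-record header: ts_sec, ts_usec, captured length, original length.
            f.write(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    frames = []
    with open(path, "rb") as f:
        magic = struct.unpack("<I", f.read(4))[0]
        if magic != PCAP_MAGIC:
            raise ValueError("only classic little-endian pcap is handled here")
        f.read(20)  # rest of the global header
        while True:
            hdr = f.read(16)
            if len(hdr) < 16:
                break
            _, _, incl_len, _ = struct.unpack("<IIII", hdr)
            frames.append(f.read(incl_len))
    return frames


# Constructed sample traffic: two clients talking to 10.0.0.9 on ports 80 and 443.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.9", 40000, 80),
    build_frame("10.0.0.5", "10.0.0.9", 40001, 443),
    build_frame("10.0.0.7", "10.0.0.9", 40002, 80),
]


def capture_roundtrip(frames=SAMPLE_FRAMES):
    """Write frames to a temporary pcap, read them back and decode them."""
    tmp = tempfile.NamedTemporaryFile(suffix=".pcap", delete=False)
    tmp.close()
    try:
        write_pcap(tmp.name, frames)
        return [parse_frame(fr) for fr in read_pcap(tmp.name)]
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    for p in capture_roundtrip():
        if matches(p, host="10.0.0.9", port=80, proto="tcp"):
            print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
                  f"flags=0x{p['flags']:02x} ip_checksum_ok={p['ip_checksum_ok']}")
```

The file written by `write_pcap` opens in Wireshark or with `tcpdump -r`, which is a useful way to check a homegrown decoder against the real dissectors; the `ip_checksum_ok` field shows the same kind of header validation those tools flag in their output.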
These are just a few of the packet sniffers available to you, and while they represent some of our favorites, they are by no means the only options. As you evaluate packet sniffers, it is important to understand what use cases you are trying to solve. In this space, most of the free tools work as well as, or better than, any paid software. Try your hand at some new software, and maybe you will have a new favorite tool.